25-GPU cluster can brute force Windows password in record time

By on December 10, 2012, 9:30 AM

Jeremi Gosney, the founder and CEO of Stricture Consulting Group, recently showcased a GPU-based computer cluster capable of brute forcing its way through any standard eight-character Windows password (including upper- and lower-case letters, digits and symbols) in less than six hours.

The machine, powered by 25 AMD Radeon graphics cards, runs the Virtual OpenCL (VCL) cluster platform, which allows all of the machines and GPUs to act as a single computer. With this configuration, Gosney was able to use a password-cracking suite called ocl-Hashcat Plus that is designed specifically for GPU computing.

The cluster targets NTLM, the password hash algorithm included in all versions of Windows since Server 2003, and can generate and test 350 billion password guesses per second. At that rate, every possible eight-character combination can be tried in only five and a half hours. Gosney said they can now attack hashes about four times faster than they previously could.

VCL virtualization is essentially what makes a system like this possible. GPU computing isn’t new, but hardware and software limitations have so far kept most people from running more than eight graphics cards in a single computer.

"Before VCL people were trying lots of different things to varying degrees of success," Gosney told Ars Technica. "VCL put an end to all of this, because now we have a generic solution that works right out of the box, and handles all of that complexity for you automatically. It's also really easy to manage because all of your compute nodes only have to have VCL installed, nothing else. You only have your software installed on the cluster controller."

It’s worth pointing out that this method applies only to offline attacks, where the attacker already holds a copy of the password hashes; online guessing is impractical because most websites limit the number of incorrect password attempts before either locking the account or enforcing a waiting period.

Either way, experts suggest using a password that is at least nine characters long and doesn’t contain names, words or common phrases.
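To make the article's arithmetic reproducible, here is an added estimator (example code, not part of the original article or Gosney's tooling) that computes the keyspace and worst-case exhaustion time for a given character pool, password length and guess rate. The 350 billion guesses per second figure is the one reported above; the 94-symbol pool is printable ASCII without the space, and the work-factor helper assumes, as a simplification, that an iterated hash slows the attacker linearly in its iteration count.

```python
"""Brute-force cost estimator: keyspace and exhaustion time for the cluster above."""
import string

# Printable ASCII pool implied by "upper- and lower-case letters, digits and
# symbols": 26 + 26 + 10 + 32 = 94 (95 if a space is allowed).
FULL_POOL = len(string.ascii_letters) + len(string.digits) + len(string.punctuation)

# Guess rate reported for the 25-GPU cluster against NTLM (guesses per second).
NTLM_RATE = 350_000_000_000
SECONDS_PER_HOUR = 3600


def keyspace(pool: int, length: int) -> int:
    """Candidates of exactly `length` characters drawn from `pool` symbols."""
    return pool ** length


def cumulative_keyspace(pool: int, max_length: int) -> int:
    """Candidates of every length 1..max_length; crackers try short ones first."""
    return sum(pool ** n for n in range(1, max_length + 1))


def exhaust_hours(pool: int, length: int, rate: float = NTLM_RATE) -> float:
    """Worst-case hours to try the whole keyspace at `rate` guesses per second.
    The expected time to hit one specific password is half of this."""
    return keyspace(pool, length) / rate / SECONDS_PER_HOUR


def growth_factor(pool: int, from_length: int, to_length: int) -> int:
    """Multiplier on search time when the length grows (pool ** delta)."""
    return pool ** (to_length - from_length)


def rate_under_work_factor(rate: float, work_factor: int) -> float:
    """Guess rate if each candidate costs `work_factor` hash evaluations.
    Assumption (simplification): an iterated hash such as PBKDF2 slows the
    attacker linearly in its iteration count; real GPU throughput varies."""
    return rate / work_factor


if __name__ == "__main__":
    print(f"pool {FULL_POOL}, 8 chars: {keyspace(FULL_POOL, 8):,} candidates")
    print(f"exhaustive search at the NTLM rate: {exhaust_hours(FULL_POOL, 8):.2f} h")
    print(f"9 chars takes {growth_factor(FULL_POOL, 8, 9)}x longer, "
          f"10 chars {growth_factor(FULL_POOL, 8, 10)}x longer")
    slow = rate_under_work_factor(NTLM_RATE, 100_000)
    print(f"same 8 chars behind a 100k-iteration hash: "
          f"{exhaust_hours(FULL_POOL, 8, slow):,.0f} h")
```

Running it shows why the comments below arrive at 94x and 8836x for nine and ten characters, and that a slow, iterated hash turns hours into decades for the same eight-character password.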




User Comments: 62

1 person liked this | jasphoto said:

It would be nice if the article said what difference would 9 characters over 8 make using this method - or 10 for that matter.

3 people like this | Vicenarian said:

But can it run Crysis?

(I know, I know...)

1 person liked this | tomkaten tomkaten said:

"While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems.[2] It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure cryptosystems such as WEP."

NTLM is RC4-based and, as such, is quite obsolete. See a backtrack distro cracking your WEP pass in an hour or two, easier ones, of course, but still, I'd say this algorithm's credibility is pretty much shot.

Let me see it crack an AES 256 hash based pass of 16 characters or more and then you can color me impressed

Still, it's scary for the masses, since we all know the complexity of the average man's password.

marinkvasina marinkvasina said:

"While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems.[2] It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure cryptosystems such as WEP."

NTLM is RC4-based and, as such, is quite obsolete. See a backtrack distro cracking your WEP pass in an hour or two, easier ones, of course, but still, I'd say this algorithm's credibility is pretty much shot.

Let me see it crack an AES 256 hash based pass of 16 characters or more and then you can color me impressed

Still, it's scary for the masses, since we all know the complexity of the average man's password.

Give it time and it will crack that too.

Guest said:

What is the last password it will try in those six hours? I will make that one mine, ZzZZZzzz?

lipe123 said:

All the more reason passwords need to go away and everything needs to use one centralized authentication system that's linked to some biometrics or a physical offline key carried by the user.

Guest said:

It still converts into a digital "something" that can be cracked...

cliffordcooley cliffordcooley, TechSpot Paladin, said:

Where are the safeties against such attacks?

There are logins that make you wait a certain length of time before you can try again, if you fail to enter the correct password in three tries. If the system (once it has been locked down from incorrect entry) required the correct password to be entered three times in a row no quicker than 5 seconds apart, it would tremendously increase the time it takes to break passwords.

1 person liked this | Fokissed Fokissed said:

It would be nice if the article said what difference would 9 characters over 8 make using this method - or 10 for that matter.

Given that there are 94 usable characters for passwords, so each character will increase the total number of passwords 94 times. So a 9 character password will take 94 times as long to crack as an 8 character password. A 10 character password will take 8836 times as long to crack.

Guest said:

"All the more reason passwords needs to go away and everything needs to use one centralized authentication system thats linked to some biometrics or a physical off line key carried by the user."

Nah, I'd rather not risk having my digital biometrics cracked and put on the net. Would much rather that be a password if it should happen

Fokissed Fokissed said:

"While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems.[2] It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure cryptosystems such as WEP."

NTLM is RC4-based and, as such, is quite obsolete. See a backtrack distro cracking your WEP pass in an hour or two, easier ones, of course, but still, I'd say this algorithm's credibility is pretty much shot.

Let me see it crack an AES 256 hash based pass of 16 characters or more and then you can color me impressed

Still, it's scary for the masses, since we all know the complexity of the average man's password.

AES 256 isn't any better against a brute-force attack than RC4. RC4's weakness is that it can be broken in other ways, not brute-force. Password length is the only way to increase the time it takes to brute-force a password (and the time it takes to hash each password).

Fokissed Fokissed said:

Where are the safeties against such attacks?

There are logins that make you wait a certain length of time before you can try again, if you fail to enter the correct password in three tries. If the system (once it has been locked down from incorrect entry) required the correct password to be entered three times in a row no quicker than 5 seconds apart, it would tremendously increase the time it takes to break passwords.

The point of this brute-force is to produce a password with a matching hash as the original password. The hash is easily obtained, it's the password that produces that exact hash which is hard to find.

cliffordcooley cliffordcooley, TechSpot Paladin, said:

The point of this brute-force is to produce a password with a matching hash as the original password. The hash is easily obtained, it's the password that produces that exact hash which is hard to find.

So what are you saying? A password can be found once a hash is known, without attacking the system? Seems kind of stupid to allow a way of breaking a system without confronting the system.

If this is true, then the failure of using a password is not the password itself but easy access to the hash.

Guest said:

How long this device can crack the password if I add biometric fingerprint lock along the password? :D

fimbles fimbles said:

Blizzard authenticator to the rescue!

RzmmDX said:

I don't know, xkcd has convinced me that random words are much better than random characters for humans to remember and took longer for computers to brute force. Unless the math was wrong.

Guest said:

You can do the math yourself. Since they are brute-forcing the password, adding a single character (chosen from a pool of N different characters) can only increase the cracking time by factor N at worst, N / 2 on average. N is most likely less than 100 (lowercase letters, uppercase letters, numbers and about 20-30 special characters available on keyboard).

Row1 said:

If the password is not eight characters, solution time goes way up.

Plus - these people have a way-faster internet connection than I have. If I enter a wrong password by mistake, it takes me a few seconds to enter the next one. The processor power cannot be local. Are the IT guys gonna wheel this frankenprocessor in on a cart anytime someone forgets their password, and plug it in?

misor misor said:

So my password "n0p455w0rd" is no longer safe?

I have no idea why gpu is used to crack passwords rather than the cpu.

and I have no idea why microsoft is now limiting password characters to a maximum of 16.

cliffordcooley cliffordcooley, TechSpot Paladin, said:

If I am understanding the hash concept, what is stopping anyone from creating a huge cross-reference from password to hash?

If a hash is so easy to find, what is stopping anyone from reading the hash and then cross-referencing a database of hashes to instantly unlock anyone's computer?

2 people like this | St1ckM4n St1ckM4n said:

...

I have no idea why gpu is used to crack passwords rather than the cpu.

...

GPUs have a lot higher bandwidth than CPUs. GPUs are now used in supercomputers, and NVIDIA's CUDA solution has been used for a long time in things like Photoshop/Premiere.

If I am understanding the hash concept, what is stopping anyone from creating a huge cross-reference from password to hash?

If a hash is so easy to find, what is stopping anyone from reading the hash and then cross-referencing a database of hashes to instantly unlock anyone's computer?

I'm not going to claim to be an expert, but this is my understanding: it is possible to obtain the hash for a lot of password systems. Not all, but a lot.

This hash is different for each system. password1 can be hashed to xyz on techspot, but it will be qwerty on gmail. The hashes I believe are made by applying a 'master hash key' to the ASCII password, which as before, is different for each system.

Cristian2k Cristian2k said:

There is usually a password policy that defines how many invalid passwords you can enter before the account gets locked; you can also define how long it stays locked when that limit is reached, and on top of that you can set how often the password must be changed. That is why brute force has become obsolete, even more obsolete than NTLM.

platinumsteel said:

Those guys need to run that beast on a WPA password dictionary.. using Elcomsoft Wireless Auditor..that would be insane speeds..lol.haha..Not the easy windows passwords.A cave man could guess that shit.

Arris Arris said:

Guess that's why "You have been locked out, contact systems admin" after a certain amount of attempts setups are popular.

Or even the "After the next wrong password you will be locked out for 15 minutes." setups.

1 person liked this | PinothyJ said:

Either way, experts suggest using a password that is at least nine characters long and doesn't contain names, words or common phrases.

That is crap: http://imgs.xkcd.com/comics/password_strength.png

-_-...

Fokissed Fokissed said:

That is only assuming a dictionary-based attack is not used.

Guest said:

What if it guesses on random remembering what it guess before. And not going in order. It would be even faster.

1 person liked this | EXCellR8 EXCellR8, The Conservative, said:

...or just spend less than 10 min asking the appropriate party for the password. This has pretty much zero real life scenario relevance; what a waste of GPU horsepower.

1 person liked this | Guest said:

This hash is different for each system. password1 can be hashed to xyz on techspot, but it will be qwerty on gmail. The hashes I believe are made by applying a 'master hash key' to the ASCII password, which as before, is different for each system.

Better than that ... if the site knows anything about security, then the hash is calculated for the password and a random "salt" together. The salt is generated just for that user when the password is first created. The salt and the hash are both stored. So the attacker has to find a password that when hashed with that salt makes that hash. No dictionary is going to hold all passwords with all possible salt values.
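As an added illustration of the salting point in the comment above (example code, not from the article or the commenter): a precomputed table of unsalted SHA-256 digests resolves a stolen unsalted hash instantly, while the same password stored with a random per-user salt and an iterated hash (PBKDF2-HMAC-SHA256 at 200,000 iterations, both choices assumed here) yields a different digest for every user and has no table entry. The password list is constructed for the demo.

```python
"""Added demo: why a per-user salt defeats a precomputed password-to-hash table."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample: a tiny precomputed table for unsalted SHA-256,
# keyed by hex digest, valued by the plaintext that produced it.
COMMON_PASSWORDS = ["password1", "123456", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 200_000  # assumed work factor; tune to your hardware budget


def store_unsalted(password: str) -> str:
    """Weak scheme: one fast hash of the bare password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger scheme: random 16-byte salt per user plus an iterated hash.
    Both the salt and the digest are stored, as the comment above describes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def table_lookup(stored_hex: str) -> Optional[str]:
    """Instant lookup that only succeeds when the stored value is an unsalted hash."""
    return PRECOMPUTED.get(stored_hex)


if __name__ == "__main__":
    print("unsalted lookup:", table_lookup(store_unsalted("password1")))
    salt_a, digest_a = store_salted("password1")
    salt_b, digest_b = store_salted("password1")
    print("same password, different users, same digest?", digest_a == digest_b)
    print("salted lookup:", table_lookup(digest_a.hex()))
    print("verify correct:", verify_salted("password1", salt_a, digest_a))
```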

Guest said:

And then that key becomes extremely valuable=worth killing for ;-)

jonjonjon said:

Lame. This is pretty much useless. For the most part this can't be used online. Anyone with a real pw worth cracking, like a BitLocker or TrueCrypt pw, is going to use a 20+ character pw. All they did is create the world's most expensive Windows pw cracker. They could have saved all the money and downloaded Microsoft's MSDaRT.

PinothyJ said:

That is only assuming a dictionary-based attack is not used.

At that length a dictionary attack would take longer than the eight length password with stupid characters...

dj_sa said:

Better than that ... if the site knows anything about security, then the hash is calculated for the password and a random "salt" together. The salt is generated just for that user when the password is first created. The salt and the hash are both stored. So the attacker has to find a password that when hashed with that salt makes that hash. No dictionary is going to hold all passwords with all possible salt values.

If you broke in the system to steal the hash, you'd steal the salt too.

dj_sa said:

At that length a dictionary attack would take longer than the eight length password with stupid characters...

That obviously depends on the size of the wordlist. There are 16604 unique words/numbers in the Bible so that's huge, but since those are words, they make up passwords quicker than characters. You can sort words by frequency:

the 63924

and 51696

of 34734

to 13561

that 12913

in 12667

he 10420

shall 9838

unto 8997

for 8971

1 person liked this | Zoltan Head said:

Why can't they just write it on a post-it and stick it to the monitor like most people?

dj_sa said:

Why can't they just write it on a post-it and stick it to the monitor like most people? ;)

yah, since I was banned yesterday for trying to promote my crowdfunding campaign for a solution to this problem, I guess you'd only know if you PM me. :-p

PinothyJ said:

That obviously depends on the size of the wordlist. There are 16604 unique words/numbers in the Bible so that's huge, but since those are words, they make up passwords quicker than characters. You can sort words by frequency:

the 63924

and 51696

of 34734

to 13561

that 12913

in 12667

he 10420

shall 9838

unto 8997

for 8971

But none of those words would be used...

dj_sa said:

But none of those words would be used...

Are you sure? It was talking about passphrases/sentences, and many pages ago where people referred to an xkcd comic strip. correct and horse are both in the bible; interestingly, neither battery nor staple were in the bible since it's before their time.

Either way, frequency is sometimes taken into consideration for dictionary attacks.

PinothyJ said:

Are you sure? It was talking about passphrases/sentences, and many pages ago where people referred to an xkcd comic strip. correct and horse are both in the bible; interestingly, neither battery nor staple were in the bible since it's before their time.

Either way, frequency is sometimes taken into consideration for dictionary attacks.

None of those words would be used as you did not list any of those words in your frequency table.

Four words using only the words in the bible equates to 76,006,528,794,009,856 possible combinations. While an eight character password with numbers, upper and lower case letters, and let's say a choice of thirty special characters (the amount on a US keyboard) comes up with 6,095,689,385,410,816 possible combinations. That is a figure that is twelve times easier to crack if you use a password that is bloody hard to remember. Not to mention the former example sky-rockets when you add a possibility for the first letter of one or all of the words to be upper-case (1,216,104,460,704,157,696 -- 200 times harder to crack), as well as taking into account modern words (the figure sits at about 64,000 'common words' which bring it to 16,777,216,000,000,000,000 -- 2,752 times larger -- and 268,435,456,000,000,000,000 -- 44,037 times larger -- for the possibility of an upper-case character starting one of the words).

Soooo: at the end of that I think those 'experts' can stick it up their nose with the rubber hose...

dj_sa said:

None of those words would be used as you did not list any of those words in your frequency table.

Four words using only the words in the bible equates to 76,006,528,794,009,856 possible combinations. While an eight character password with numbers, upper and lower case letters, and let's say a choice of thirty special characters (the amount on a US keyboard) comes up with 6,095,689,385,410,816 possible combinations. That is a figure that is twelve times easier to crack if you use a password that is bloody hard to remember. Not to mention the former example sky-rockets when you add a possibility for the first letter of one or all of the words to be upper-case (1,216,104,460,704,157,696 -- 200 times harder to crack), as well as taking into account modern words which will widen the possible combinations exponentially -- literally!

Soooo: at the end of that I think those 'experts' can stick it up their nose with the rubber hose...

Some "experts" told me my campaign doesn't solve the biggest problem...etc... and I said, Rome wasn't built in a day. Anything is better than the current situation...

Zoltan Head said:

Some "experts" told me my campaign doesn't solve the biggest problem...etc... and I said, Rome wasn't built in a day. Anything is better than the current situation...

As I understand it a team in Cambridge, UK are working on a system that will be able to build Rome in a day, while using less energy than an ordinary quasar.

dj_sa said:

As I understand it a team in Cambridge, UK are working on a system that will be able to build Rome in a day, while using less energy than an ordinary quasar.

haha... you won't believe it was the same team who told me that... on the other hand, some security architect who works in the real world pledged for my campaign.

crazyboots crazyboots said:

I think just 4 7990 should able to do about the same thing lol I await the 8990's before I upgrade from my 7970 1ghz

Guest said:

*adds a letter to his password*

*trollface engage*

Guest said:

It' s a comic ...

Felipe Queirolo Felipe Queirolo said:

-_-...

But can it run Crysis?

(I know, I know...)

I believe there are FirePro cards

captaincranky captaincranky, TechSpot Addict, said:

and I have no idea why microsoft is now limiting password characters to a maximum of 16.
Probably because boredom & fatigue set in after you've typed something as complex as, "1, 2, 3, 4, 5, 6", and nobody would be able to log on without taking a 10 minute coffee break.

I have no idea why gpu is used to crack passwords rather than the cpu.
All just joking aside, likely because the bit width access and memory bandwidth of a modern single GPU far exceed that of the typical CPU. (at present 64 bits, versus single GPUs @256 bits). I'm thinking you could convince a GPU cluster to, "wild guess much faster".

I believe there are FirePro cards
Are you saying a "Fire Pro" video card won't play "Crysis"? 'Cause that would really burn my buns. Have you seen the prices they charge for those things?

To the upside, if the Fire Pro cards won't play Crysis, then not too many will fall into the wrong, unscrupulous hands.

Guest said:

AES is a symmetric encryption algorithm ... not a hash algorithm. SHA-256, 384, 512, etc. are hash algorithms. Once the AES encryption key is guessed, any password protected by the key is shot. SHA-512 has the advantage that each password has to be cracked individually (especially if it is salted.)

RocketSteve RocketSteve said:

You can do the math yourself. Since they are brute-forcing the password, adding a single character (chosen from a pool of N different characters) can only increase the cracking time by factor N at worst, N / 2 on average. N is most likely less than 100 (lowercase letters, uppercase letters, numbers and about 20-30 special characters available on keyboard).

So if we 'do the math' or maths for those in England, the possible number of combinations is 26 lowercase and 26 upper case and ten numbers and 31 symbols = 83

To the power of 8 (as this is the password length) = 2252292232139041 combinations

At 350 000 000 000 calcs per sec = 6435.12 secs to complete

In hours = (/3600) = 1.78 hours

Article states 5.5hrs. Something in error of my maths?

As Brian Cox says 'It's always important to show your workings'...

captaincranky captaincranky, TechSpot Addict, said:

So if we 'do the math' or maths for those in England,....[ ].......

Article states 5.5hrs. Something in error of my maths?

As Brian Cox says 'It's always important to show your workings'...

Rocket, do the British really use the term "math" in the plural in this context.? As an uppity colonist, I'd substitute the term, "calculations".

I tell you, sometimes it's like the Americans and Brits are speaking a different language. Although, in the case of the ANZAC nations, I think they actually are....

As far as your mathematical results go, I couldn't tell you. I live alone and don't use passwords. Since my HDDs are chock full of erotic art, if somebody gets into my computer, they'll probably get grossed out and leave anyway....
